Zero trust is critical as more enterprises sacrifice security for speed

A record number of employees, 66%, say they are expected to sacrifice security for speed so as not to slow projects down. That’s up from 45% last year. In addition, 79% of employees gave in to the pressure this year, sacrificing security to meet tighter deadlines and higher job expectations. With employees facing growing pressure to sacrifice security to get work done, zero trust becomes crucial to securing every endpoint. 

Verizon’s latest Mobile Security Index found that employees are under more pressure than ever to bypass security when necessary to get work done. The study also showed that the two weakest areas of mobile security are the lack of sufficient endpoint security and human error. Cyberattackers prey on each using social engineering. What’s more? Compounding cyberattackers’ efforts are 62% of cyberattacks attributed to insiders, caused by negligence rather than malicious intent. 

“Now that mobile is critical to business operations, it’s getting more attention from bad actors, too. From coordinated state-sponsored campaigns to unfocused, opportunistic criminal exploits, the volume of attacks is going up,” the Verizon Mobile Security Index report reads.

Mobile device cyberattacks are especially damaging because they strike at the intersection of a person’s identity, privacy and professional life.

Human error continues to be the leading cause of breaches. Eighty-two percent of all breaches analyzed in Verizon’s 2022 Data Breach Investigation Report started with cyberattacks aimed at users. Breaches begin with social engineering that targets privileged access credentials, phishing campaigns, duplicated or stolen credentials and human error. 

More spending, more breaches 

Mobile breaches continue to set records despite an uncertain economic climate. Eighty-five percent of enterprises have a budget for cybersecurity today, with 77% saying their mobile security spending increased this year. Sixty-seven percent predict even greater spending in 2023. However, increasing security budgets and allocating more to mobile security isn’t slowing down breaches.

Verizon found that nearly half of enterprises, 45%, have suffered a breach, intrusion or data exfiltration that originated on a mobile device in the last 12 months. It gets worse for enterprises with more extensive global operations. More than three-fifths, or 61%, have been hit with mobile-based cyberattacks in the last year. That’s significantly more than the 43% of local-operations-only enterprises that have been breached via mobile devices. 

Zero trust can meet enterprises’ need for speed

CISOs are consolidating their tech stacks to increase visibility across every endpoint while reducing costs. At the same time, more organizations are building a business case for adopting zero-trust network access (ZTNA) for increased speed and security. A Microsoft’s report found that 96% of security decision-makers believe zero trust is critical to their enterprises’ success. 

Gartner’s 2022 Market Guide for Zero Trust Network Access provides an analysis of the ZTNA market, its critical vendors and the factors enterprises need to consider when implementing ZTNA frameworks.

“From modern and mobile endpoint defense and device attestation to securing enterprise applications through the complete development lifecycle, enterprises need their security to scale with their data, access, employees, and customers,” Jon Paterson, Zimperium’s CTO, wrote in the company’s 2022 Global Mobile Threat Report. 

Using zero trust to protect every device as a new security perimeter

Implementing a zero-trust framework needs to start with the goal of gaining greater visibility, control and security over every endpoint. IT and security teams need to understand that every device added to their network is a new security perimeter.

As a result, zero trust quickly becomes table stakes as a framework for improving any organization’s security. A previous VB article highlighting the key things CISOs need to know about zero trust identifies how organizations can lay out a roadmap that best fits their business. 

CISOs continue to pressure UEM platform providers to consolidate and provide more value at lower costs

Gartner’s latest Magic Quadrant for Unified Endpoint Management Tools reflects CISOs’ impact on the product strategies at IBM, Ivanti, ManageEngine, Matrix42, Microsoft, VMWare, Blackberry, Citrix and others. Gartner’s market analysis shows that endpoint resilience is another critical buying criterion. Leaders in endpoint security include Absolute Software’s Resilience platform, Cisco AI Endpoint Analytics, CrowdStrike Falcon, CyCognito, Delinea, FireEye Endpoint Security, Venafi and ZScaler.

A report by Forrester names Ivanti, Microsoft and VMWare as market leaders, with Ivanti having the most fully integrated UEM, enterprise service management (ESM) and end-user experience management (EUEM) capability. Leading UEM platforms, including those from VMWare and Ivanti, have multifactor authentication (MFA) designed into the core code of their architectures. As MFA is one of the main components of zero trust, it’s often a quick win for CISOs who have often battled for budget. 

Support BYOD and corporate-owned mobile devices on the UEM platform

Unified Endpoint Management (UEM) platforms are proving capable of delivering device management for corporate device inventories while also supporting bring your device (BYOD) policies. Best-in-class UEM platforms support location-agnostic requirements, including cloud-first OS delivery, peer-to-peer patch management and remote support.

IT and security teams are turning to UEM platforms to help improve users’ experiences while factoring in how endpoint detection and response (EDR) fits into replacing VPNs. Advanced UEM platforms also provide automated configuration management to ensure compliance with corporate standards. 

Automated patch management can further reduce the risk of mobile breaches

It’s no surprise that the majority of security professionals see patch management as time-consuming and overly complex. IT and security teams are often overwhelmed with work, forcing patch management lower on their list of priorities. 53% of IT and security teams say organizing and prioritizing critical vulnerabilities takes up most of their time. Ivanti launched an AI-based patch intelligence system earlier this year at RSA.

Ivanti’s Neurons Patch for Microsoft Endpoint Configuration Monitor (MEM) is noteworthy because it relies on a series of AI-based bots to seek, identify and update all patches across endpoints that need to be updated. Additional vendors providing AI-based endpoint protection include Broadcom, CrowdStrike, SentinelOne, McAfee, Sophos, Trend Micro, VMWare Carbon Black and Cybereason. 

Mobile devices predict the future of zero trust 

Digital-first business plans dominate most businesses’ IT, security, sales and marketing plans today. But it’s the mobile devices in the hands of employees, suppliers and customers that are the endpoints that impact each strategy’s success or failure.

Instead of relying on legacy tech stacks to support next-generation digital revenue strategies, it’s time for more businesses to consider how to define a zero-trust framework that can help consolidate tech stacks while removing barriers to users’ productivity. The goal is to secure every endpoint as a new security perimeter without affecting users’ productivity. Zero trust is making that happen on mobile devices today.